Merged documentation with various updates I had lying around

2001-01-17 01:40:46 +00:00 · 2001-01-17 01:40:46 +00:00 · 1d898e00a9
commit 1d898e00a9
parent 457c6fa7b6
1 changed files with 58 additions and 19 deletions
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@ -1,5 +1,5 @@
 \input texinfo   @c -*-texinfo-*-
-@c $Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $
+@c $Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $
@c %**start of header
@setfilename tinc.info
@settitle tinc Manual
@ -17,7 +17,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans
 <itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
 Wessel Dankers <wsl@@nl.linux.org>.
-$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $
+$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $
 Permission is granted to make and distribute verbatim copies of this
 manual provided the copyright notice and this permission notice are
@ -42,7 +42,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans
 <itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
 Wessel Dankers <wsl@@nl.linux.org>.
-$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $
+$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $
 Permission is granted to make and distribute verbatim copies of this
 manual provided the copyright notice and this permission notice are
@ -613,6 +613,7 @@ VpnMask configuration variable.
 * Multiple networks::           
 * How connections work::        
 * Configuration file::          
 * Required directives::         
 * Example::                     
@end menu
@ -657,7 +658,7 @@ will try to connect to it, on the given port.  If this fails, tinc exits.
@c ==================================================================
-@node    Configuration file, Example, How connections work, Configuring tinc
+@node    Configuration file, Required directives, How connections work, Configuring tinc
@section Configuration file
 The actual configuration of the daemon is done in the file
@ -726,10 +727,30 @@ on several interfaces at the same time though, if they share the same IP
 address.
@item KeyExpire = <seconds> (3600)
-This option controls the time the encryption keys used to encrypt the
+This option controls the time the encryption keys used to encrypt the data
-data are valid.  It is common practice to change keys at regular
+are valid.  It is common practice to change keys at regular intervals to
-intervals to make it even harder for crackers, even though it is thought
+make it even harder for crackers, even though it is thought to be nearly
-to be nearly impossible to crack a single key.
+impossible to crack a single key.
@item ListenPort = <port> (655)
 Listen on local port port.  The computer connecting to this daemon should
 use this number as the argument for his ConnectPort.
@item MyOwnVPNIP = <local address[/maskbits]> (required)
 The local address is the number that the daemon will propagate to
 other daemons on the network when it is identifying itself.  Hence this
 will be the file name of the passphrase file that the other end expects
 to find the passphrase in.
 The local address is the IP address of the tap device, not the real IP
 address of the host running tincd.  Due to changes in recent kernels, it
 is also necessary that you make the ethernet (also known as MAC) address
 equal to the IP address (see the example).
 maskbits is the number of bits set to 1 in the netmask part.
@item MyVirtualIP = <local address[/maskbits]>
 This is an alias for MyOwnVPNIP.
@item @strong{Name = <name>}
 This is a symbolic name for this connection.  It can be anything 
@ -740,7 +761,7 @@ probe to the other end.  If that other end doesn't answer within that
 same amount of seconds, the connection is terminated, and the others
 will be notified of this.
-@item PrivateKey = <key>
+@item @strong{PrivateKey = <key>}
 This is the RSA private key for tinc. However, for safety reasons it is
 advised to store private keys of any kind in separate files. This prevents
 accidental eavesdropping if you are editting the configuration file.
@ -750,17 +771,35 @@ This is the full path name of the RSA private key file that was
 generated by ``tincd --generate-keys''.  It must be a full path, not a
 relative directory.
-Note that exactly @strong{one of the above two options} must be specified.
+@item PublicKey = <key>
 This is the full path name of the RSA public key file that was generated
 by ``tincd --generate-keys''.  It must be a full path, not a relative
 directory.  (NOTE: In version 1.0pre3, this variable was used to give
 the key inline.  This is no longer supported.)
@item Subnet = <IP address/maskbits>
 This is the subnet range of all IP addresses that will be accepted by
 the host that defines it.  Please be careful that no two subnets
 overlap.  Every host @strong{must} have a different range of IP
 addresses that it can handle, otherwise you will see messages like
 `packet comes back to us'.
@item TapDevice = <device> (/dev/tap0)
 The ethertap device to use.  Note that you can only use one device per
 daemon.  The info pages of the tinc package contain more information
 about configuring an ethertap device for Linux.
-@item VpnMask = <mask>
+@item TCPonly = <yes|no> (no, experimental)
-The mask that defines the scope of the entire VPN.  This option is not
+If this variable is set to yes, then the packets are tunnelled over a TCP
-used by the tinc daemon itself, but can be used by startup scripts to
+connection instead of a UDP connection.  This is especially useful for those
-configure the ethertap devices correctly.
+who want to run a tinc daemon from behind a masquerading firewall, or if
 UDP packet routing is disabled somehow.  This is experimental code,
 try this at your own risk.
@item VpnMask = <mask> (optional)
 The mask that defines the scope of the entire VPN.  This option is not used
 by the tinc daemon itself, but can be used by startup scripts to configure
 the ethertap devices correctly.
@end table
@ -892,7 +931,7 @@ there.  If you get an error, you can check @ref{Error messages}.
@c ==================================================================
-@node    Example,  , Configuration file, Configuring tinc
+@node    Example,  , Required directives, Configuring tinc
@section Example
@ -1193,10 +1232,8 @@ level of 5 or higher!
@item Network address and subnet mask do not match!
@table @bullet
-@item The Subnet field must contain a network address. That means that
+@item The Subnet field must contain a network address
-the lower order bits of the address must be zero. For example, 192.168.1.1/24
+If you only want to use one IP address, set the netmask to /32.
 is wrong, you should use 192.168.1.0/24.
@item If you only want to use one IP address, set the netmask to /32.
@end table
@item This is a bug: net.c:253: 24: Some error
@ -1217,11 +1254,13 @@ files are bound to be in a different directory.
@end table
@end table
@c ==================================================================
@node    Technical information, About us, Running tinc, Top
@chapter Technical information
@menu
 * The Connection::              
 * Security::